Configuring a DNS server on Linux:
Name server software: bind # Berkeley Internet Name Domain
bind:
/etc/named.conf : owner root, group named
/var/named/ : working directory
Configuration file:
/etc/named.conf
options { # global options
    directory "/var/named";
};
zone "." IN {
    type hint; # zone types: hint -> root hints, master -> primary, slave -> secondary (copy of the primary), forward -> forwarder
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
dig -t NS . >> named.ca # root hints file, kept in /var/named/ (dig needs a working resolver to fetch it)
"""
Zone file format:
Directives:
$TTL
$ORIGIN
SOA:
demo.com.(zone) 600(TTL) IN(class) SOA(type) ns.demo.com.(primary name server) admin.demo.com.(contact mailbox; the first dot stands for @) (
    2014081201 ; serial number; secondaries only re-transfer the zone when it increases
    20M ; refresh: secondaries check the primary every 20 minutes
    5M ; retry: if the primary does not answer, try again every 5 minutes
    5D ; expire: after 5 days without reaching the primary, stop serving the zone
    1D ; negative-caching TTL: a "no such record" answer may be cached for 1 day
)
NS:
demo.com. 600 IN NS ns1.demo.com.
demo.com. 600 IN NS ns2.demo.com.
ns1.demo.com. 600 IN A 1.1.1.1
ns2.demo.com. 600 IN A 1.1.1.2
MX:
demo.com. 600 IN MX 10 mail.demo.com.
mail.demo.com. 600 IN A 1.1.1.3
"""
localhost.zone (/var/named/localhost.zone, since named.conf sets directory "/var/named"; matches the "localhost" zone in /etc/named.conf)
'''
$TTL 600
localhost. IN SOA localhost. admin.localhost. (
    2014081201
    1H
    10M
    1W
    1D
)
    IN NS localhost.
localhost. IN A 127.0.0.1
'''
named.local (/var/named/named.local, the reverse zone file for 0.0.127.in-addr.arpa)
'''
$TTL 600
@ IN SOA localhost. admin.localhost. (
    2014081201
    10H
    10M
    1W
    1D
)
@ IN NS localhost.
1 IN PTR localhost.
'''
Adding resolution for your own domain
1. Edit /etc/named.conf and add:
zone "demo.com" IN {
    type master;
    file "/var/named/demo.com.zone";
};
2. Edit /var/named/demo.com.zone:
$TTL 600
$ORIGIN demo.com.
@ IN SOA ns admin.demo.com. (
    2014081201
    1H
    10M
    1W
    1D
)
@ IN NS ns.demo.com.
    IN MX 10 mail
ns IN A 1.1.1.1
mail IN A 1.1.1.2
www IN A 1.1.1.3
ftp IN A 1.1.1.4
imap IN A 1.1.1.3
pop IN CNAME mail
Checking the configuration
1. named-checkzone "zone" zone-file # e.g. named-checkzone demo.com /var/named/demo.com.zone
2. service named configtest # syntax check of /etc/named.conf
3. dig -t axfr domain.com # requests a full zone transfer; it only succeeds from a host the server's allow-transfer permits
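As an added example (not from these notes), a small Python parser for the zone-file format described above ($TTL, $ORIGIN, @ and relative names, a parenthesised multi-line SOA, ; comments, an omitted owner inheriting the previous one) with checks of the kind named-checkzone performs. The sample zone is constructed here.

```python
# Constructed sample in the zone-file format the notes describe (not a file from the page)
SAMPLE_ZONE = """\
$TTL 600
$ORIGIN demo.com.
@    IN SOA ns admin.demo.com. (
        2014081201 ; serial
        1H 10M 1W 1D )
@    IN NS ns.demo.com.
     IN MX 10 mail
ns   IN A 1.1.1.1
"""

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to $ORIGIN."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text):
    """Return (origin, default_ttl, [(owner, ttl, type, rdata_tokens), ...])."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                   # ';' starts a comment
        buf.append(line)
        depth += line.count("(") - line.count(")")    # '(' continues a record on the next line
        if depth == 0:
            logical.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    origin, ttl, owner, records = ".", None, None, []
    for line in filter(str.strip, logical):           # skip blank lines
        toks = line.split()
        if toks[0].startswith("$"):                   # $ORIGIN / $TTL; other directives ignored
            if toks[0] == "$ORIGIN": origin = toks[1]
            if toks[0] == "$TTL": ttl = toks[1]
            continue
        if not line[0].isspace():                     # leading blank = same owner as last record
            owner = qualify(toks.pop(0), origin)
        rttl = toks.pop(0) if toks[0].isdigit() else ttl
        if toks[0] == "IN": toks.pop(0)
        records.append((owner, rttl, toks[0], toks[1:]))
    return origin, ttl, records
def check_zone(text):
    """Checks in the spirit of named-checkzone: $TTL set, one SOA, glue for every in-zone NS."""
    origin, ttl, recs = parse_zone(text)
    problems = [] if ttl else ["no $TTL directive (the notes' $TTS is a typo)"]
    if sum(r[2] == "SOA" for r in recs) != 1:
        problems.append("zone must have exactly one SOA")
    have_a = {r[0] for r in recs if r[2] == "A"}
    for _, _, rtype, rdata in recs:
        ns = qualify(rdata[0], origin) if rtype == "NS" else None
        if ns and ns.endswith(origin) and ns not in have_a:
            problems.append(f"in-zone NS {ns} has no A (glue) record")
    return problems
```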
Client ----> DNS Server
/etc/resolv.conf
nameserver SERVER
Lookup order on the client: local cache --> /etc/hosts --> DNS server (e.g. luowen.com)
DNS server
1. If the query is for a zone this server is authoritative for, answer from the zone data file
2. If it is not, look in the cache
3. If the cache has no answer, start a lookup from the root servers
DNS server types:
1. Primary (master) DNS: the first authoritative server of a zone (e.g. luowen.com)
2. Secondary (slave) DNS: serves the same data as the primary and periodically fetches the latest copy from it
3. hint: root server hints
4. forward: forwarding server
'''
zone "forward.com" IN {
    type forward;
    forwarders { 1.1.1.1; };
};
'''
Forward modes:
1. first : if the forwarders do not answer, the server resolves the name itself starting from the root
2. only : if the forwarders do not answer, the server gives up and does nothing further
Remote control of named: rndc # configured in /etc/bind/rndc.conf
rndc:
1. stop
2. status
3. start
4. reload
5. freeze
Configuring rndc:
1. rndc-confgen >> /etc/bind/rndc.conf # generates the rndc configuration; the file does not exist by default
2. Add the key to named.conf. rndc-confgen prints two parts: the key and options blocks below belong in rndc.conf; named.conf needs the same key statement plus a controls statement referencing it (rndc-confgen prints that part commented out)
key "rndc-key" {
    algorithm hmac-md5;
    secret "mEhP3esUPzvZZVk1RfUuEg==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# in named.conf, next to the same key statement:
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
3. Common rndc commands:
1. start # start the service (rndc only talks to a running named, so use the init script, e.g. service named start)
2. stop # stop the service
3. reload # reload configuration and zones
4. reload zone # reload a single zone
5. reconfig # reload the configuration and pick up changed or new zones only
6. status # status information. To add statistics, put statistics-file "/var/named/data/stats" in the options section of named.conf; to listen on specific addresses only, add listen-on { ip1; ip2; };
7. flush # flush the cache
Secondary (slave) DNS server configuration:
1. Configure another server the same way as the primary; the differences are:
zone "<zone of the primary>" IN {
    type slave;
    masters { 192.168.1.109; };
    file "/var/named/slave/<zone of the primary>.zone"; # named must be able to write to this directory
};
2. allow-transfer { ip; }; # only the listed hosts may pull zone data from the primary; in the options section it applies to all zones, inside a zone section it applies to that zone only
3. Access lists: # defined before the options section
acl SLAVES-OUR {
    127.0.0.1;
    192.168.1.1;
    192.168.1.109;
};
acl SLAVE-CLIENTS {
    172.168.0.0/16;
};
4. Recursion settings:
1. recursion no; in the options section disables recursion for everyone
2. allow-recursion { SLAVE-CLIENTS; }; # only addresses in the ACL may use this server for recursive resolution
Subdomain delegation:
1. Parent zone configuration:
zone "demo.com" IN { # /etc/named.conf
    type master;
    file "/var/named/demo.com.zone";
};
# /var/named/demo.com.zone
$TTL 600
$ORIGIN demo.com.
@ IN SOA ns admin. (
    2014081601
    1H
    10M
    1W
    1D
)
@ IN NS ns
ns IN A xxx.xxx.x.x
www IN A xxx.x.x.x
it IN NS ns.it ; delegates it.demo.com to ns.it.demo.com
ns.it IN A yyy.yyy.y.y ; glue record: address of the subdomain's name server
2. Child zone configuration (on the server for it.demo.com):
zone "it.demo.com" IN { # /etc/named.conf
    type master;
    file "/var/named/it.demo.zone";
};
$TTL 600
$ORIGIN it.demo.com.
@ IN SOA ns admin. (
    2014081601
    1H
    10M
    1W
    1D
)
@ IN NS ns
ns IN A xxx.xx.xx
DNS : VIEW (split horizon: clients in 172.16.x.x get www resolved to 172.16.1.1, clients in 192.168.x.x get 192.168.1.1)
1. Configuration: /etc/named.conf (once a view is defined, every zone must sit inside a view)
acl lnet {
    172.16.0.0/16;
    127.0.0.0/8;
};
options {
    directory "/var/named";
};
view internet { # internal clients; views are matched in order, so the more specific one comes first
    match-clients { lnet; };
    recursion yes;
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    zone "localhost" IN {
        type master;
        file "/var/named/localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "/var/named/named.local";
    };
    zone "demo.com" IN {
        type master;
        file "/var/named/demo.com.internet.zone";
        allow-transfer { none; };
        allow-update { none; };
    };
};
view external {
    match-clients { any; };
    recursion no;
    allow-recursion { none; }; # a view/options setting, not a zone option
    zone "demo.com" IN {
        type master;
        file "/var/named/demo.com.external.zone";
        allow-transfer { none; };
        allow-update { none; };
    };
};
2. Configure /var/named/demo.com.internet.zone
$TTL 600
$ORIGIN demo.com.
@ IN SOA ns admin.demo.com. (
    2014081701
    1H
    10M
    1W
    1D )
@ IN NS ns
ns IN A 172.16.0.254
www IN A 172.16.1.1
Configure /var/named/demo.com.external.zone
$TTL 600
$ORIGIN demo.com.
@ IN SOA ns admin.demo.com. (
    2014081701
    1H
    10M
    1W
    1D )
@ IN NS ns
ns IN A 172.16.1.254 ; the same server, second network card
www IN A 192.168.1.1
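An added example, not part of these notes: a Python lint for named.conf fragments like the view and secondary-server configurations above, run here on a constructed sample. It parses the brace/semicolon syntax, flags statements named-checkconf would reject (match-client for match-clients, noen for none), and reports any zone that no allow-transfer covers at zone, view or options level, which leaves AXFR open to any client.

```python
import re
# Constructed named.conf fragment (not from the page) carrying the slips the notes above show
SAMPLE_CONF = """
acl lnet { 172.16.0.0/16; 127.0.0.0/8; };
view "internal" { match-clients { lnet; }; recursion yes;
    zone "demo.com" IN { type master; file "demo.internal.zone"; allow-transfer { none; }; }; };
view "external" { match-client { any; };  # typo: should be match-clients
    zone "demo.com" IN { type master; file "demo.external.zone"; allow-update { noen; }; }; };
"""
KEYWORDS = {"acl", "options", "view", "zone", "key", "controls", "directory", "recursion", "type",
            "file", "masters", "forwarders", "forward", "listen-on", "match-clients",
            "allow-transfer", "allow-update", "allow-recursion"}
ADDR_LISTS = {"match-clients", "allow-transfer", "allow-update", "allow-recursion", "listen-on"}
def parse(toks, i=0):
    # Nested statements as (words, block); block is a list of statements or None
    stmts, words = [], []
    while i < len(toks):
        t, i = toks[i], i + 1
        if t == "}": break                                # end of the enclosing block
        if t == "{":
            block, i = parse(toks, i)
            stmts.append((words, block)); words = []      # the ';' after '}' is then skipped
        elif t == ";":
            if words: stmts.append((words, None))
            words = []
        else:
            words.append(t.strip('"'))
    return stmts, i
def lint(text):
    """Findings named-checkconf would raise (unknown keyword, bad value) plus unrestricted AXFR."""
    text = re.sub(r"(#|//).*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S))
    stmts, _ = parse(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text))
    acls, findings = {w[1] for w, _ in stmts if w[0] == "acl"}, []
    has_transfer = lambda block: any(w[0] == "allow-transfer" for w, _ in block)
    def walk(stmts, guarded):
        guarded = guarded or has_transfer(stmts)          # a view-level setting covers its zones
        for (kw, *rest), block in stmts:
            if kw not in KEYWORDS:
                findings.append(f"unknown statement '{kw}'"); continue
            if kw in ADDR_LISTS:                          # address lists: IPv4, ACL name or builtin
                for (val, *_), _ in block:
                    if not (val in acls or val in ("any", "none", "localhost", "localnets")
                            or re.match(r"^!?\d+\.\d+\.\d+\.\d+(/\d+)?$", val)):
                        findings.append(f"{kw}: '{val}' is not an address, ACL name or any/none")
            if kw == "zone" and not (guarded or has_transfer(block)):
                findings.append(f"zone {rest[0]}: no allow-transfer, AXFR open to any client")
            if kw in ("options", "view", "zone"):
                walk(block, guarded)
    opts = next((b for w, b in stmts if w[0] == "options"), [])
    walk(stmts, has_transfer(opts))                       # an options-level setting covers all zones
    return findings
```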
Building bind from source:
1. Download the source tarball and unpack it, then:
./configure --sysconfdir=/etc --disable-ipv6 --enable-largefile --enable-threads=no --prefix=/usr/local/named --disable-openssl-version-check --localstatedir=/var